Hackers Shift Aim to IT Supply Chain
Kaseya Targeted in Latest Breach
Over the past several days a ransomware attack targeting Kaseya, a provider of IT management tools, has received significant national news coverage. This particular attack is unique because of the scope of impact. Kaseya develops the IT support tools used by many firms that provide outsourced IT support for businesses. Through this attack, the hackers were able to impact not just Kaseya, but also impact the operations of IT service providers who leveraged Kaseya software products and the clients of those providers.
According to Kaseya CEO Fred Voccola, this breach impacted 50 of Kaseya’s direct customers. However, each of these customers manages many computers and other devices on behalf of their clients, therefore the impact is far greater. According to Security Week, potentially 1500 firms may be impacted to some extent.
The impact of this breach is that the affected customer providers of Kaseya have been unable to leverage critical management tools in order to service their clients since Friday afternoon when this breach occurred. In many cases, providers have alternative means to provide support, but at a reduced capability level. As of this writing, five days after the initial breach, Kaseya is still working to restore services to their customers.
Hacker Groups Shift Focus to Supply Chains
Recently we’ve seen hacker groups shift their focus from individual businesses to business supply chains. Earlier this year we watched ransomware attacks unfold against the US energy sector, Colonial Pipeline, and the world’s largest provider of beef, JBS. These attacks, along with this latest attack on the IT sector, raise the stakes by targeting broad groups of businesses and individuals who rely on these business supply chains whether for fuel, food, or business operations.
In each of these cases, the attackers demanded payment amounts in millions of dollars. Colonial Pipeline paid hackers $5 million the day following the attack (CNBC.com, June 9th). JBS reportedly paid hackers $11 million (NBCNews.com, June 9th), and hackers have demanded $70 million from Kaseya in this latest attack (SecurityWeek.com, July 6th). It is likely this amount will be negotiated down to some smaller, but still significant, amount.
Protecting Your Business from Cybercriminals
Protecting your business systems and data has never been more critical. Attacks like these show no signs of stopping, or even of slowing down, any time soon. As quickly as one hacker group is exposed, another group pops up in its place. In many cases, the same hackers simply jump from group to group to continue their nefarious activities under a new name.
The most effective methods of protecting your business data and systems have remained mostly the same, but many businesses still fail to implement the necessary changes required to deter criminals.
- Recognize that email phishing and weak passwords are the two most significant threats to the security of your business systems and data.
- Provide Security Awareness Training to your employees on a regular basis.
- Develop, implement, and enforce a strong password policy for all systems.
- Implement Multiple-Factor Authentication (MFA or 2FA – two-factor authentication) for all systems.
- Ensure all systems receive security updates on a regular basis, at least monthly or as updates are released.
- Ensure all systems are protected by adequate security and monitoring software, that systems are monitored 7×24 for security issues, and that any issues identified are quickly addressed.
About Oceantec
Oceantec provides IT consulting and managed services to business clients. Our business, technology, and security assessment services can help identify areas in your current model where improvements in security or operational efficiency can be made. Please contact us to learn more or to schedule an assessment today.